|
1 local configmanager = require "core.configmanager"; |
|
2 local ssl = ssl; |
|
3 local ssl_newcontext = ssl.newcontext; |
|
4 |
|
5 local setmetatable = setmetatable; |
|
6 |
|
7 local prosody = prosody; |
|
8 |
|
9 module "certmanager" |
|
10 |
|
11 -- These are the defaults if not overridden in the config |
|
12 local default_ssl_ctx = { mode = "client", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; |
|
13 local default_ssl_ctx_in = { mode = "server", protocol = "sslv23", capath = "/etc/ssl/certs", verify = "none", options = "no_sslv2"; }; |
|
14 |
|
15 local default_ssl_ctx_mt = { __index = default_ssl_ctx }; |
|
16 local default_ssl_ctx_in_mt = { __index = default_ssl_ctx_in }; |
|
17 |
|
18 -- Global SSL options if not overridden per-host |
|
19 local default_ssl_config = configmanager.get("*", "core", "ssl"); |
|
20 |
|
21 function get_context(host, mode, config) |
|
22 local ssl_config = config and config.core.ssl or default_ssl_config; |
|
23 if ssl and ssl_config then |
|
24 return ssl_newcontext(setmetatable(ssl_config, mode == "client" and default_ssl_ctx_mt or default_ssl_ctx_in_mt)); |
|
25 end |
|
26 return nil; |
|
27 end |
|
28 |
|
29 function reload_ssl_config() |
|
30 default_ssl_config = config.get("*", "core", "ssl"); |
|
31 end |
|
32 |
|
33 prosody.events.add_handler("config-reloaded", reload_ssl_config); |
|
34 |
|
35 return _M; |